RHSA-2015:1272 - Security Advisory

Synopsis

Moderate: kernel security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

Updated kernel packages that fix multiple security issues, address severalhundred bugs, and add numerous enhancements are now available as part ofthe ongoing support and maintenance of Red Hat Enterprise Linux version 6.This is the seventh regular update.

Red Hat Product Security has rated this update as having Moderate securityimpact. Common Vulnerability Scoring System (CVSS) base scores, which givedetailed severity ratings, are available for each vulnerability from theCVE links in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linuxoperating system.

A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)implementation handled non-huge page migration. A local, unprivileged usercould use this flaw to crash the kernel by migrating transparent hugepages.(CVE-2014-3940, Moderate)

A buffer overflow flaw was found in the way the Linux kernel's eCryptfsimplementation decoded encrypted file names. A local, unprivileged usercould use this flaw to crash the system or, potentially, escalate theirprivileges on the system. (CVE-2014-9683, Moderate)

A race condition flaw was found between the chown and execve systemcalls. When changing the owner of a setuid user binary to root, the racecondition could momentarily make the binary setuid root. A local,unprivileged user could potentially use this flaw to escalate theirprivileges on the system. (CVE-2015-3339, Moderate)

An information leak flaw was found in the way the Linux kernel's AdvancedLinux Sound Architecture (ALSA) implementation handled access of the usercontrol's state. A local, privileged user could use this flaw to leakkernel memory to user space. (CVE-2014-4652, Low)

It was found that the espfix functionality could be bypassed byinstalling a 16-bit RW data segment into GDT instead of LDT (which espfixchecks), and using that segment on the stack. A local, unprivileged usercould potentially use this flaw to leak kernel stack addresses.(CVE-2014-8133, Low)

An information leak flaw was found in the Linux kernel's IEEE 802.11wireless networking implementation. When software encryption was used, aremote attacker could use this flaw to leak up to 8 bytes of plaintext.(CVE-2014-8709, Low)

It was found that the Linux kernel KVM subsystem's sysenter instructionemulation was not sufficient. An unprivileged guest user could use thisflaw to escalate their privileges by tricking the hypervisor to emulate aSYSENTER instruction in 16-bit mode, if the guest OS did not initialize theSYSENTER model-specific registers (MSRs). Note: Certified guest operatingsystems for Red Hat Enterprise Linux with KVM do initialize the SYSENTERMSRs and are thus not vulnerable to this issue when running on a KVMhypervisor. (CVE-2015-0239, Low)

Red Hat would like to thank Andy Lutomirski for reporting the CVE-2014-8133issue, and Nadav Amit for reporting the CVE-2015-0239 issue.

This update fixes several hundred bugs and adds numerous enhancements.Refer to the Red Hat Enterprise Linux 6.7 Release Notes for information onthe most significant of these changes, and the following Knowledgebasearticle for further information:

https://access.redhat.com/articles/1466073

All kernel users are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues and add theseenhancements. The system must be rebooted for this update to take effect.

Solution

Before applying this update, make sure all previously released erratarelevant to your system have been applied.